Security

Your data security is our top priority. Learn how CorexOS® protects your business information with enterprise-grade security measures.

Last updated: March 29, 2026

Data Encryption

AES-256 encryption at rest and TLS 1.3 for all data in transit.

Access Control

Role-based permissions with 2FA, SSO, and row-level security.

Audit Logging

Complete audit trail of all actions with tamper-proof logs.

Backup & Recovery

Automated daily backups with point-in-time recovery capability.

Infrastructure Security

CorexOS® infrastructure is hosted on enterprise-grade servers with multiple layers of physical and logical security:

  • SOC 2 Type II compliant hosting environments with 24/7 physical security and biometric access controls.
  • Redundant network architecture with DDoS protection and Web Application Firewall (WAF).
  • Isolated tenant environments ensuring complete data separation between organizations.
  • Regular infrastructure hardening and patch management following CIS benchmarks.
  • Geographic redundancy with data centers across multiple availability zones.

Application Security

The Aurevia® Engine powering CorexOS® incorporates security at every layer:

  • Input validation and parameterized queries to prevent SQL injection and XSS attacks.
  • CSRF protection on all state-changing operations with secure token generation.
  • Content Security Policy (CSP) headers to mitigate code injection attacks.
  • Rate limiting and throttling to prevent brute-force attacks and API abuse.
  • Automatic session management with configurable timeout and concurrent session controls.
  • Secure password hashing using bcrypt with configurable salt rounds.

Data Protection

We employ comprehensive data protection measures:

  • AES-256 encryption for all data at rest including database records and file attachments.
  • TLS 1.3 encryption for all data in transit with HSTS enforcement.
  • Automated daily encrypted backups retained for 30 days with point-in-time recovery.
  • Data residency options allowing you to choose where your data is stored.
  • Secure data deletion procedures ensuring complete removal when requested.

Access Management

CorexOS® provides enterprise-grade access management:

  • Granular role-based access control (RBAC) with document, field, and row-level permissions.
  • Multi-factor authentication (2FA) support via TOTP authenticator apps.
  • Single Sign-On (SSO) integration with SAML 2.0, OAuth 2.0, and LDAP.
  • IP whitelisting and geolocation-based access restrictions.
  • Complete audit trail logging every user action with timestamps and IP addresses.
  • Configurable password policies including complexity requirements and rotation schedules.

Security Testing & Monitoring

We maintain ongoing vigilance through:

  • Regular penetration testing by certified third-party security firms.
  • Automated vulnerability scanning of all application components and dependencies.
  • 24/7 security monitoring with real-time alerting for suspicious activities.
  • Bug bounty program encouraging responsible disclosure of security vulnerabilities.
  • Incident response plan with defined procedures for containment, investigation, and notification.

Compliance

CorexOS® is designed with compliance in mind. Our platform helps organizations meet requirements for GDPR, SOC 2, HIPAA (with BAA), and various industry-specific regulations. We regularly review and update our security practices to align with evolving standards and regulatory requirements.

Responsible Disclosure

If you discover a security vulnerability in CorexOS®, we encourage you to report it responsibly. Please send details to our security team at support@ygroup.jp. We will acknowledge receipt within 24 hours and work to address confirmed vulnerabilities promptly.

Contact Our Security Team

For security inquiries, vulnerability reports, or compliance questions:

Why Inc.

Shinjuku Park Tower, Nishi-Shinjuku, Shinjuku-ku, Tokyo, Japan

Email: support@ygroup.jp

Website: www.y-corex.com